US2006048226A1PendingUtilityA1
Dynamic security policy enforcement
Est. expiryAug 31, 2024(expired)· nominal 20-yr term from priority
G06F 21/577
41
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A method for dynamic security enforcement includes running an application with linked aspects and determining if a security issue is present in the application. A type of the security issue is determined and an aspect is written to fix the security issue based on the type of the security issue. Finally, the aspect linked to the application.
Claims
exact text as granted — not AI-modified1 . A method for dynamic security enforcement comprising:
running an application with linked aspects; determining if a security issue is present in the application; determining a type of the security issue; writing an aspect to fix the security issue based on the type of the security issue; and linking the aspect to the application.
2 . The method as recited in claim 1 wherein the application is continuously monitored for a new security issue and the new security issue is addressed by determining the type of the new security issue, writing a new aspect to fix the new security issue based on a type of the new security issue and linking the new aspect to the application.
3 . The method as recited in claim 1 wherein the type of security issue is a top-level security issue.
4 . The method as recited in claim 3 wherein the top-level security issue is an authentication security issue.
5 . The method as recited in claim 3 wherein the top-level security issue is an authorization security issue.
6 . The method as recited in claim 3 wherein the top-level security issue is an integrity security issue.
7 . The method as recited in claim 1 wherein the type of security issue is a permissions security issue.
8 . The method as recited in claim 1 wherein the type of security issue is an initialization security issue.
9 . The method as recited in claim 8 wherein the initialization security issue is a key-length security issue.
10 . The method as recited in claim 8 wherein the initialization security issue is a provider security issue.
11 . A method for dynamic security enforcement comprising:
developing security parameters; developing an application; compiling the application utilizing an aspect-oriented programming enabled compiler; running the application with linked aspects; determining if a security issue is present in the application; determining a type of the security issue; writing an aspect to fix the security issue based on the type of the security issue; and linking the aspect to the application.
12 . The method as recited in claim 11 wherein the application is continuously monitored for a new security issue and the new security issue is addressed by determining a type of the new security issue, writing a new aspect to fix the new security issue based on the type of the new security issue and linking the new aspect to the application.
13 . The method as recited in claim 11 wherein the type of security issue is a top-level security issue.
14 . The method as recited in claim 13 wherein the top-level security issue is an authentication security issue.
15 . The method as recited in claim 13 wherein the top-level security issue is an authorization security issue.
16 . The method as recited in claim 13 wherein the top-level security issue is an integrity security issue.
17 . The method as recited in claim 11 wherein the type of security issue is a permissions security issue.
18 . The method as recited in claim 11 wherein the type of security issue is an initialization security issue.
19 . The method as recited in claim 18 wherein the initialization security issue is a key-length security issue.
20 . The method as recited in claim 18 wherein the initialization security issue is a provider security issue.
21 . A system for dynamic security enforcement comprising:
an application with linked aspects; a security policy that determines access to the application; a dynamic security patch aspect engine capable of detecting a security issue, determining a type of the security issue and modifying the security policy to address the security issue, wherein modifying the security policy is based on the type of the security issue.
22 . The system as recited in claim 21 wherein the dynamic security patch aspect engine modifies the security policy by writing and linking an aspect to the application.
23 . The system as recited in claim 21 wherein the dynamic security patch aspect engine continuously monitors the application for a new security issue and addresses the new security issue by determining a type of the new security issue and modifying the security policy to address the security issue, wherein modifying the security policy is based on the type of the new security issue.
24 . The system as recited in claim 23 wherein the dynamic security patch aspect engine modifies the security policy by writing and linking an aspect to the application.
25 . The system as recited in claim 21 wherein the type of security issue is a top-level security issue.
26 . The system as recited in claim 25 wherein the top-level security issue is an authentication security issue.
27 . The system as recited in claim 25 wherein the top-level security issue is an authorization security issue.
28 . The system as recited in claim 25 wherein the top-level security issue is an integrity security issue.
29 . The system as recited in claim 21 wherein the type of security issue is a permissions security issue.
30 . The system as recited in claim 21 wherein the type of security issue is an initialization security issue.
31 . The system as recited in claim 30 wherein the initialization security issue is a key-length security issue.
32 . The method as recited in claim 30 wherein the initialization security issue is a provider security issue.
33 . A data structure for dynamic security policy enforcement that utilizes a dynamic aspect-oriented security patch for performing a security update to an application.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.